Skulls
Skulls or Skulls.A is a SymbOS trojan that attempts to overwrite files, rendering them unusable. This is one of the only trojans that are on SymbOS. Payload This trojan is targeted at Symbian Series 60 devices, but can affect some other devices (though on some devices, the user will get a warning that the SIS file is not intended for the device) and spreads via BlueTooth. When it is installed, it disables all built-in phone applications and replaces their icon with a picture of a skull on the menu (except calling from the phone and answering calls). To remove it, the user's only option is to reset the phone back to factory defaults. Variants This trojan contains a whopping 22 variants. * Skulls.B: This trojan undergoes the name "icons.sis". It does not show any message (except the security warning shown by the OS) and it replaces the icons to generic application icons instead of skulls. * Skulls.C: It will try to scan for F-Secure Mobile Anti-Virus and corrupts its files so it goes undetected. The trojan drops a copy of Cabir.F, which does not execute unless the user runs its file. * Skulls.K: It installs Cabir.M instead and also contains the flashing Skull picture from Skulls.D. * Skulls.L: It undergoes the name being the same as the F-Secure Mobile Anti-Virus. It pretends to be a pirated version of it, and it displays the message after installation: F-Secure Antivirus protect you against the virus. And don`t forget to update this! * Skulls.C & Skull.K: They undergo the name of "skull.sis", making it easy to know its the trojan. It does not show any message when installed. Its payload is the same as Skulls.A, but it also changes the names of all files to "Skulls". * Skulls.S: It installs Cabir.F multiple times. * Skulls.D: It pretends to be Adobe Flash for SymbOS, but drops Cabir.M and many other applications, and tries to disable third-party file managers and corrupts files of F-Secure Mobile Anti-Virus. Most of the programs installed will run on reboot. Its second payload is that it displays an animation of flashing Skull picture on the background and will be like that for everything. Skulls.G does the same thing as the Skull * Skulls.N: it also tries to corrupt the built-in file manager alongside some third party ones. * Skulls.O: It is the same as Skulls.N, but also installs Fontal.A and Commwarrior.B. The Fontal file seems to do no damage. * Skulls.E: This trojan is completely different, undergoing a name of "ThNdRbRd !.sis", making it easy to know its a virus. If installed, it corrupts the built-in File Manager and third-party ones also and drops Cabir.F. * Skulls.F, Skulls.H, and Skulls.I: These trojans, like the A variant, disables all built-in applications. However, instead of replacing the picture on the menu, it hangs the phone with a full screen, very creepy skull picture. Once again, the only way to remove it is by hard formatting the phone back to factory defaults. It also installs Cabir variants and Locknut.B. * Skulls.J: It corrupts files of F-Secure Mobile Anti-Virus, drops Appdisabler.A, and displays a flashing Skull picture but unlike other variants, it does not contain startup code for the animation due to it being prevented from working by Locknut.B which is also dropped by Appdisabler.A. * Skulls.M: Its payload is the same as Skulls.C's infecting and renaming, but changes the names of all files to "Khalid" instead. * Skulls.P: It undergoes the name of "Doom_v1.5_with_Sound_MMC__by_NewLC.sis". It is one of the most damaging variants of the virus, Skulls.P has components of Skulls.D and Skulls.N, alongside other variants before this virus. It also drops Mabir.A, several variants of Cabir, and component files from Fontal and Doomboot. The Doomboot component installs corrupted binaries and prevents the phone from booting at all if the phone is rebooted. * Skulls.Q: It is named "FireStorm_English_PATCH_by_SMPDA.sis" and is the same as Skulls.P, but it also drops Onehop.A, which cannot be executed. * Skulls.R: It is named "Excellent_Theme_2005.sis", and contains components of Skulls.A and Skulls.B, and it also drops Mabir.A. * Skulls.T: It undergoes as "Bluetoothextender.sis", also drops component files from Locknut.A, Doomboot.A, and installs Cabir.B, Cabir.M, Locknut.C, Commwarrior.C, and a pirated version of Simworks Anti-Virus. * Skulls.U and Skulls.V: It undergoes as "Ximplyfy Battery Extender.sis". They both install MGDropper.A instead of Commwarrior.C, and Skulls.V does not include Locknut. Media Category:SymbOS trojan Category:Trojan Category:Mobile Malware Category:SymbOS